Hiya I'm seeing several of these probes today. Five requests, always in one second. Makes me think this is pretty automated ;) The webserver is very small, doesn't host any high traffic site, so this seems to be a scanner and is not specifically targeted. Seems someone is seeking for a special PHP version. Is there a new exploit or just a kiddie search for old php versions? Anyone up for news? pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100] "GET /index.php HTTP/1.0" 404 203 "-" "-" pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100] "GET /main.php HTTP/1.0" 404 202 "-" "-" pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100] "GET /phpinfo.php HTTP/1.0" 404 205 "-" "-" pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100] "GET /test.php HTTP/1.0" 404 202 "-" "-" pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100] "GET /index.php3 HTTP/1.0" 404 204 "-" "-" I'm not really worried, just wanted to note it might be better to upgrade to latest versions or even better, drop php ;-) Especially the phpinfo page might reveal a lot about your configuration. MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org refat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 10:09:57 PST